Re: McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow

["Joey Mengele" <joey.mengele () hushmail com>]

You are playing handpuppet of the jackass, actually. Check PATH_MAX 
in the Linux Kernel.

J

On Wed, 15 Aug 2007 12:53:18 -0400 monikerd <monikerd () gmail com> 
wrote:
> Joey Mengele wrote:
> > Where does security come into play here? This is a local crash 
> in a 
> > non setuid binary. I would like to hear your remote exploitation 
>
> > scenario. Or perhaps your local privilege escalation scenario?
> >
> > J
> >
> >   
> I'll play advocate of the devil then. Imagine a wiki running on a 
> webserver,
>
> that allows anybody to create new topics which end up in
> /articles/[Topic].txt
> with sufficient .htaccess stuff in /articles to twart most usual 
> attacks ..
>
>
> If you could create an arbitrary long topic, then you *might*
> be able to execute some code, when some cronjob would scan the 
> drive
> and come across the file?
>
> creating files is a different privilege than  running code. Hence 
> imho
> it's not a bogus advisory.
>
>
> another possibility would be to create an archive that extracts an
> incredibly
> long filename perhaps? scanning an archive before/after it's 
> extracted
> is a pretty common event i guess.

--
Click for free information on accounting careers, $150 hour potential.
http://tagline.hushmail.com/fc/Ioyw6h4dCaNyraR2kkZ8KcMCiTJDWZokEDbswig9iZ5cvsPFFYamWc/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/